fix: Sprint 1b — null deref, supports_vision, empty response logging, test

- Fix null dereference in export.py get_alto (manuscript/corpus null checks)
- Respect supports_vision flag in Google AI and Vertex SA providers
- Log warning on empty AI responses (safety filters, silent model)
- Log corrupted archive files in pages.py history endpoint
- Add test for path traversal startswith prefix confusion

https://claude.ai/code/session_012NCh8yLxMXkRmBYQgHCTik

backend/app/api/v1/export.py

@@ -158,7 +158,12 @@ async def get_alto(page_id: str, db: AsyncSession = Depends(get_db)) -> Response
         raise HTTPException(status_code=404, detail="Page introuvable")
 
     manuscript = await db.get(ManuscriptModel, page.manuscript_id)
+    if manuscript is None:
+        raise HTTPException(status_code=404, detail="Manuscrit introuvable")
+
     corpus = await db.get(CorpusModel, manuscript.corpus_id)
+    if corpus is None:
+        raise HTTPException(status_code=404, detail="Corpus introuvable")
 
     master = await _read_master_json(corpus.slug, page_id)
     if master is None:

backend/app/api/v1/pages.py

@@ -410,7 +410,11 @@ async def get_page_history(
             versions.append(
                 VersionInfo(version=version_num, saved_at=saved_at, status=status)
             )
-        except (json.JSONDecodeError, KeyError, OSError):
+        except (json.JSONDecodeError, KeyError, OSError) as exc:
+            logger.warning(
+                "Archive master.json corrompue, ignorée",
+                extra={"path": str(vpath), "error": str(exc)},
+            )
             continue
 
     return sorted(versions, key=lambda v: v.version)

backend/app/services/ai/provider_google_ai.py

@@ -59,11 +59,22 @@ class GoogleAIProvider(AIProvider):
         if not self.is_configured():
             raise RuntimeError(f"Variable d'environnement manquante : {_ENV_KEY}")
         client = genai.Client(api_key=os.environ[_ENV_KEY])
-        image_part = types.Part.from_bytes(data=image_bytes, mime_type="image/jpeg")
+
+        if supports_vision:
+            image_part = types.Part.from_bytes(data=image_bytes, mime_type="image/jpeg")
+            contents = [image_part, prompt]
+        else:
+            logger.warning(
+                "Modèle texte seul sélectionné pour une analyse image : %s. "
+                "L'image ne sera pas transmise à l'API.",
+                model_id,
+            )
+            contents = [prompt]
+
         try:
             response = client.models.generate_content(
                 model=model_id,
-                contents=[image_part, prompt],
+                contents=contents,
             )
         except Exception as exc:
             logger.error(
@@ -71,4 +82,7 @@ class GoogleAIProvider(AIProvider):
                 extra={"model": model_id, "error": str(exc)},
             )
             raise RuntimeError(f"Erreur API Google AI Studio ({model_id}) : {exc}") from exc
+
+        if not response.text:
+            logger.warning("Réponse IA vide (filtres de sécurité ou modèle muet)", extra={"model": model_id})
         return response.text or ""

backend/app/services/ai/provider_vertex_sa.py

@@ -89,11 +89,22 @@ class VertexServiceAccountProvider(AIProvider):
         if not self.is_configured():
             raise RuntimeError(f"Variable d'environnement manquante : {_ENV_KEY}")
         client = self._build_client()
-        image_part = types.Part.from_bytes(data=image_bytes, mime_type="image/jpeg")
+
+        if supports_vision:
+            image_part = types.Part.from_bytes(data=image_bytes, mime_type="image/jpeg")
+            contents = [image_part, prompt]
+        else:
+            logger.warning(
+                "Modèle texte seul sélectionné pour une analyse image : %s. "
+                "L'image ne sera pas transmise à l'API.",
+                model_id,
+            )
+            contents = [prompt]
+
         try:
             response = client.models.generate_content(
                 model=model_id,
-                contents=[image_part, prompt],
+                contents=contents,
             )
         except Exception as exc:
             logger.error(
@@ -101,4 +112,7 @@ class VertexServiceAccountProvider(AIProvider):
                 extra={"model": model_id, "error": str(exc)},
             )
             raise RuntimeError(f"Erreur API Vertex AI ({model_id}) : {exc}") from exc
+
+        if not response.text:
+            logger.warning("Réponse IA vide (filtres de sécurité ou modèle muet)", extra={"model": model_id})
         return response.text or ""

backend/tests/test_security.py

@@ -330,3 +330,33 @@ async def test_path_traversal_symlink_escape_rejected(_sec_db, tmp_path):
     await _sec_db.refresh(s["job"])
 
     assert s["job"].status == "failed"
+
+
+# ---------------------------------------------------------------------------
+# Path traversal — frontend static serving (startswith prefix confusion)
+# ---------------------------------------------------------------------------
+
+def test_static_dir_startswith_prefix_confusion():
+    """Paths like /app/static-evil/foo must NOT pass the startswith check.
+
+    Before the fix, str(candidate).startswith(str(_STATIC_DIR.resolve()))
+    would accept '/app/static-evil/foo' because '/app/static-evil' starts
+    with '/app/static'. The fix appends '/' to the prefix.
+    """
+    from pathlib import Path
+
+    # Simulate the fixed check from main.py
+    _STATIC_DIR = Path("/app/static")
+    static_resolved = str(_STATIC_DIR.resolve()) + "/"
+
+    # A path under a sibling directory with a confusable prefix
+    evil_path = Path("/app/static-evil/foo.txt")
+    assert not str(evil_path.resolve()).startswith(static_resolved), (
+        "Path /app/static-evil/foo.txt should NOT be treated as under /app/static/"
+    )
+
+    # A legitimate path under /app/static/ should still pass
+    good_path = Path("/app/static/index.html")
+    assert str(good_path.resolve()).startswith(static_resolved), (
+        "Path /app/static/index.html SHOULD be treated as under /app/static/"
+    )